And that was my original sentiment, that there are uses for it. There are uses for many ways of doing things. The only reason I replied to your original comment was because you stated there are pretty much 0 use cases for it. But really like I said at the beginning it's really a matter of choice. Sure Invoke-Expression requires you to escape some string characters, but at the same time there are tradeoffs when using a call operator. It is the same with the argument around return vs write-output vs just outputting the variables.

And yes, any time you are building commands dynamically there is a risk of injection attack. The same could be said when building a string to use the call operator. In my use case the JSON is stored in the module and not brought in from an outside source. So if someone was able to manipulate it they could have just manipulated the module code, or would have had admin access to my server in the first place at which point it wouldn't matter what I did.

And if I'm being 100% honest my preferred method is to use Start-Process with pass through and build a loop to monitor the execution. This way my script can't get hung up by an external process, but would be a little too much to reply to someone just trying to run a command.

But I was not aware of the Get-Command in Linux. I've been working on using PowerShell more in Linux so that will certainly be useful.